Code Of Conduct

Preamble:The PrivacySIG is a Special-Interest-Group type of association formed by companies which are active in the field of visitor intelligence, specifically the collection, storage or processing of foot traffic and visitor flow in retail, event or public transportation environments. The companies employ wireless technologies to gather statistical data for use by its customers.Definitions:Definition of data collectionThe data collected by members of the SIG is based on the presence of consumer devices (e.g. smart phones) in and around a retail shop, event or public transportation. The presence is detected through sensors installed in the area of interest (e.g. WiFi or Bluetooth enabled devices). The unique identifiers transmitted by devices are pseudonymised and then aggregated and used to generate analytics data.Definition of data storage The base data stored by members of the SIG refers to a database or other form of digital storing of collected data.Definition of data processingThe data processing in the scope of the code-of-conduct is defined as processing the base data to statistical data. The statistical data that does not feature any individual identifiers but is in form like “108 devices have been seen at location ‘location #54’ on May 12th 2014”. The statistical data can then further be refined to business critical data to answer questions such as: -Which shopping window design is most attractive to consumers and converts passers-by to store visitors?-What store layout is most suited to the preferences visitors show by spending time in different areas of a store?-What staff level is ideal to keep wait times and queues short?- Similar questions can be given for the event and public transportation business segment.The analysis performed using statistical data is considered as competitive asset of each SIG member and thus out-of-the scope of this code-of-conduct

Privacy principles:•To safeguard the privacy the MAC address captured is pseudonymised to prevent cross referencing with other data source which could lead to identification of individuals.•To safeguard the privacy, base data shall be stored securely and access shall be restricted to as few people as possible.In order to safeguard the principles outlined above, the SIG has set itself and its members a Code of Conduct whose rules each member subscribes to abide by.

Code of Conduct for the Use of Wireless Tracking:The clauses applicable to data collection:

1.ContractAll data-collection activities shall be based on a contract, which authorises a SIG member to perform the data collection. 2.Signaling to consumersEven though no personal information is being tracked, we believe in transparency and consider the shopper whose presence is being captured as a key stakeholder in our businesses. In order to promote transparency to all parties involved, the companies in the SIG will supply its customers (e.g. the retailers) with signatory material such as stickers. These are designated to be deployed to signal to the visitor that Visitor Intelligence is being practised around this location. 3.Pseudonymisation the unique dataMembers of the SIG will pseudonymise the unique data portion as soon as technically possible after receiving it. 4.Limited data collectionThe members shall collect only the minimal data that is necessary for visitor analytics. Members shall not collect data packets.5.Secured data transferThe data transfer between sensor and storage using a secured data connection.6.Access to sensorRemote and local (via Ethernet, USB, Wi-Fi etc.) access to sensors shall be restricted. All privacySIG members shall secure the access to sensors by technical and organizational measures.7.ContractThe SIG members only store data that is collected under a contract, which authorises the collection. 8.Consumer Choice/ Opt out The organisation provides an opt-out page where individuals can opt out by entering their unique MAC address. Each of the members agree to discard any information received from a MAC address that has opted out and not use it for any kind of data analytics. Each of the members shall provide instructions on their website on how to opt-out and a link to the opt-out page provided by the organisation.9.Third partiesIf transferred to a third party, the data shall be transferred only in an aggregated and fully anonymised state where possible. If it is not possible to do so, the receiver shall contractually agree to not use the data in any way which would conflict with this document.10. Security The IT architecture of each member shall be designed with security in mind to prevent theft and misuse of collected data.11.Limited storage of base dataAs part of their Visitor Intelligence product, the members of the SIG have the capability to identify a device as recurring. This allows to analyse visitor loyalty over time which is very valuable for a store owner to understand as it signifies quality of service. This analysis necessitates the SIG members to save unique user IDs in its databases. The members shall not to store base data longer than necessary for the business case.

The clauses applicable to base data processing:

12. Minimum sample size of statistical dataThe statistical data created must have sufficient sample size disallowing reverse engineering of personal data. 13.Limitation of use: No employee tracking without consentThe purpose of Visitor Intelligence is to understand shopping patterns of consumers. The SIG acknowledges the privacy of employees who may be tracked at work. The purpose of Visitor Intelligence is not to control employees in shops. The members shall not specifically separately identify employees without their explicit consent.

General clauses:

14.EducationThe members of the SIG emphasise the importance of education with regards to this innovative and often unknown field of technology and analysis. In order to increase awareness of Visitor Intelligence, the members shall use a common signalling in form of the SIG logo. The members are encouraged work actively in educating its clients, the press and the general public about their technology, businesses and the risks and benefits of their products. 15.ExclusionsThere shall be certain exclusions from this code of conduct where personalised information might be collected and used. Specifically and exclusively this shall apply to:-The use of data by a request of a governmental or regulatory body (including court orders)-Data gathered with the consent of the user-Data which is collected to facilitate the network management or the administration and development of systems16. GDPREach member is required to fulfil the legal requirements set by the EU General Data Protection Regulation (GDPR). To achieve this, each member has performed a Privacy Impact Assessment (PIA) relying on third party audits/audit tools. On request, any member can ask the board of PrivacySiG about the status of any members PIA and each member will on request provide to the board this evidence.​17.ValidityThe founding members of commit to regulate all their business according to this code-of-conduct after 60 days of the establishment of the SIG. The member joining the SIG after the establishment shall regulate its business according to the code-of-conduct from the date they are accepted.